A vulnerability in the in.fingerd daemon in Sun Solaris versions 8 and earlier could allow a remote attacker to obtain sensitive account information. A remote attacker can send a specially crafted finger request to a vulnerable system, causing it to return a list of accounts. The attacker can use this information to launch further attacks against the affected host.
The following request is sufficient to disclose a list of users:
finger 'a b c d e f g h'@sunhost
It is recommended to disable this service.
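One way to carry out that recommendation, as an added example that is not part of the original advisory: it assumes in.fingerd is started from an inetd.conf-style file, and the function name `disable_finger` and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: disable the finger service in an inetd.conf-style file.

# Constructed sample resembling an inetd.conf (not taken from a real host).
sample_inetd_conf() {
cat <<'EOF'
# constructed sample
telnet  stream  tcp6  nowait  root    /usr/sbin/in.telnetd  in.telnetd
finger  stream  tcp6  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
#finger stream  tcp   nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
EOF
}

# disable_finger FILE
# Comments out every active finger entry, keeps a copy in FILE.bak,
# and prints the number of entries it disabled (0 if none were active).
disable_finger() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    # Active entry = first field is exactly "finger"; "#finger" does not match.
    count=$(awk '$1 == "finger" { n++ } END { print n + 0 }' "$conf") || return 1
    if [ "$count" -gt 0 ]; then
        cp -p "$conf" "$conf.bak" || return 1
        # Rewrite in place from the backup so owner and mode are preserved.
        awk '$1 == "finger" { print "#" $0; next } { print }' \
            "$conf.bak" > "$conf" || return 1
    fi
    echo "$count"
}

# Run against a real file only when one is named on the command line, e.g.
#   sh disable_finger.sh /etc/inetd.conf && pkill -HUP inetd
# inetd re-reads its configuration on SIGHUP.
if [ $# -gt 0 ]; then
    disable_finger "$1"
fi
```

Running it a second time reports 0 and leaves the earlier backup untouched, so it is safe to include in a hardening script.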